Merged
* add stats and mx wasm plugin into proxy image * simplify wasm plugins downloading * format & clean up
* Update root.go * Update root.go * Add Example cobra command for manifest apply * Ran make gen * Update operator/cmd/mesh/root.go Formatting Co-Authored-By: John Howard <howardjohn@google.com> * Update root.go Co-authored-by: John Howard <howardjohn@google.com>
* Fix: sse duplicate xds push * fix ut
* Unify the readiness path for galley and istiod validation webhook servers. * Use the correct port for checking galley's readiness.
…20173) * add e2e test for STS * revise * revise * add test * update comment * sync master * use fake JWT
* Add e2e tests with Jwt audience check. Also, add test case to show OR still works with the same issuer * Fix make gen * Add alpha policy for a to assert that it will be ignored * Rename test case
* Set Host field appropriately when passing through probes If someone sets a Host header, we shouldn't overwrite it back to localhost. The health check might be affected by the value of that header. We should ensure the host field is set to the provided host header, if set on the probe * cover :authority too
* Add ICP to IOP translation to manifest migrate command * Comments * Fix gen, tests
* remove the ability for pilot to register CRDs itself Installing and modifying CRDs requires elevated cluster-wide permissions. This should be done by a separate install step (istio-init) or by an operator. * fix controller_test.go * make gen
* wip * Add comment
… when using mTLS (#20126) Update based on config Fix tests Trying to fix tests Just do for TCP Enable Metadata Exchange for TCP when mTLS is on cleanup cleanup Fixing lint errors and running make gen Fix make gen Running make gen after rebase Fix license file Add option to enable metadata exchange Fix licensing file Add e2e test Fix e2e test Fix e2e test Fix tests Fix cleanup Fix based on feedback Add meta exc config to filter_types.go Run make gen Using INSERT_BEFORE to adding metadata exchange filter in the top of the list Fix spacing nit Fixed based on feedback Fixed based on feedback Fixed based on feedback Fixed dup in comments Co-authored-by: Nupur Garg <37600866+gargnupur@users.noreply.github.com>
* Improve nodeagent tests and error handling. * Small fix.
* Remove certmanager CRD from e2e test * format
This is now obsolete
* add e2e test for STS * revise * revise * add test * update comment * sync master * add test * format * add test * add more tests * revise * add timeout test * revise * update comments * format * remove duplicated file
* Update deps to latest patch versions * Update licenses/
* update api version. * fix test.
* Rename operator/cmd/manager to operator/cmd/operator * Update operator binary name to 'operator' * Add back operator/cmd/mesh.go * Update generated files * Revert deletion of operator/Makefile.core.mk
* Re-enable CNI test * Fixes
* Respect targetPort in gateway listener generation * Change listening ports to unprivileged ports (>1023) * Update operator's golden files * Fix linting issues
* Remove python proto gen from operator We don't use this, just clean up some extra junk * fix
* Add analyzer for v1alpha1/Policy using JWT It is possible that JWT authentication when used with the v1alpha1/Policy API is misconfigured leading users to believe that their cluster is secure when it is not. Warn the users of a misconfiguration; the associated K8s service's port name should be prefixed with http|http2|https. * lint_istio job was failing due to v1alpha1/Policy use
* Remove all traces of nodeagent Followup to #20777 * remove binary build
* Make istiod.enabled always true * Gen
* Setup ExternalName instances only for specified ports For #13479 Not sure if this is the right way to go * fix typo
We need #18135 done to prevent regressions in these tests
Message DeploymentRequiresServiceAssociated was receiving an extra parameter to its Sprintf formatter, which resulted in error messages like:

Warn [IST0117] (Deployment loadgenerator.hipster) No service associated with this deployment. Service mesh deployments must be associated with a service.%!(EXTRA string=loadgenerator)

This change removes the extra parameter (the deployment under question is already listed as the origin).
* Remove dependency on SSE in analyzer - This change is required for istiod work and it allows to use K8SCoreV1Services directly instead of SSE in analyzer's destination host * Address code review comments
* Apply beta peer authentication policy down to workload level * Clean up * Lint * Check beta policy for auto mtls. This can be removed when EP metadata takes into account the policy * Use explicit peerauthentication policy for permissive, as we haven't removed old mesh policy during installation * pilot/pkg/security/authn/v1beta1/policy_applier.go * Move all test for beta mTLS api to the end * Change to namespace policy * Revert cluster.go * Change peer authn consolidation algorithm for UNSET (inheritant mode) * Reimplement getMostSpecificConfig (now composePeerAuthentication) which also consolidates port-level policies. * Fix inheritance: do not inherit if it is weaker than the current mode * Remove debug logs * Change test policy to namespace level to make sure they are cleaned up properly with the existing test setup. * Address comment * Lint * Simplify logic to pick the oldest * fix typo * Update function comment
* Merge * fix merge * Don't cache secrets loaded from file, no need for it. It would allow rotation without restart or watching - envoy should ask for new cert if it expires. * Merge issues * revert comment * Move initialization of root cert file. If pilot is killed (or crashes), the code path will find existing cert and not generate a new one, resulting in wrong key getting patched. * Fix the handling of 'user-supplied' certs * Move method to initialize pub key to istio_ca * format/fix * Added few more comments and details to the flag * Don't initialize DNS listener if the CA is missing * Remove duplicated policy * Fix bugs related to duplicated env variables. * Format * Merge errors * Sync files * Add extra config * Cosmetic changes * Add comments * Make gen * make gen again
* Derive istio namespace from CR, related refactor and cleanups * Update goldens * Lint * Fix initialism * Update goldens * Restore previous injection goldens * Review comments * Fix injector input format to GenManifests
* Remove bad merge artifact This is not used, was meant to be deleted * gen
* fix sts port node metadata * fix test * fix lint * revert port to integer * clean up * more clean up
* initial commit * refactor and add test output * refactor the translate * gen proto * update make gen * further clean up of naming files * resolve conflict * resolve comments * address comment and resolve conflict * update error message * resolve conflict * resolve conflict again
…n components (#20809) * Add initial leader election * Cleanup * Add unit tests * user leader election for ns controller, validation controller * Log about ingress * Add graceful shutdown * Fix tests, add injector controller * Fix lint * Add renewal when lease is dropped, failing test * wip * Get everything working * Fix build * lint
* feat(grpc status codes): report grpc status codes via mixer * response.grpc_status is a string * force string instead of auto-detect duration * update manifest files as well * update to match istio/proxy PR Signed-off-by: Douglas Reid <douglas-reid@users.noreply.github.com> * update golden files Signed-off-by: Douglas Reid <douglas-reid@users.noreply.github.com> * add generated file Signed-off-by: Douglas Reid <douglas-reid@users.noreply.github.com> * running make gen a second time produces new results Signed-off-by: Douglas Reid <douglas-reid@users.noreply.github.com>
* update default profile * fix gen
…20943) * feat(injector): add initial support for canonical service revision labeling Signed-off-by: Douglas Reid <douglas-reid@users.noreply.github.com> * update bootstrap to match ICS proposal for v2 support
* Templating the cni validation container name * Adding changed proto with new field * gencheck * Updating golden yaml * More gencheck
* Apply peer authentication policy at port level * Lint * Fix e2e TestReachability/beta-per-port-mtls * Fix mix api test * Add log to test to debug resource apply/delete * Add require env kube for new tests
Please provide a description for what this PR is for.
And to help us figure out who should review this PR, please
put an X in all the areas that this PR affects.
[ ] Configuration Infrastructure
[ ] Docs
[ ] Installation
[ ] Networking
[ ] Performance and Scalability
[ ] Policies and Telemetry
[ ] Security
[ ] Test and Release
[ ] User Experience
[ ] Developer Infrastructure